<?php
$uid=isset($_COOKIE["UID"])?$_COOKIE["UID"]:"";
$user="";
$sno="";
$email="";

$act=isset($_GET["act"])? $_GET["act"]:"";

   include "mysql.inc.php";
   include "user.inc.php";

   $m=new CMySQL($dbserver,$dbuser,$dbpsd,$dbname);

if($act=="save")
{
   $psd		= htmlentities(isset($_POST["password1"])?$_POST["password1"]:"",ENT_QUOTES);
   $psd2	= htmlentities(isset($_POST["password2"])?$_POST["password2"]:"",ENT_QUOTES);
   $sno		= htmlentities(isset($_POST["sno"])?$_POST["sno"]:"",ENT_QUOTES);
   $email	= htmlentities(isset($_POST["email"])?$_POST["email"]:"",ENT_QUOTES);


   if($psd==$psd2 && $sno && $email)
   {
       $sql="update user set ";
       $sql.="SNO='$sno' ,";
       $sql.="EMAIL='$email' ";
       if($psd!="") $sql.=", PSD ='".md5($psd)."' ";
       $sql.=" where UID=$uid";

       $m->DoQueryNoReturn($sql);
       echo "Data Saved!<p>";
   }
   else
   {
      if($psd!=$psd2)	echo "The passwords are not the same.<p>";
      if($sno=="")	echo "The School Number can not be empty.<p>";
      if($email=="")	echo "The EMAIL can not be empty.<p>";
   }

}


if($uid!="")
{

   $sql="select * from user where UID='$uid' limit 1";

   $users=$m->DoQuery($sql);
   if(count($users)==1)
   {
       $user=$users[0]["USER"];
       $sno=$users[0]["SNO"];
       $email=$users[0]["EMAIL"];
   }
}


?>
<form action=profile.php?act=save method=POST>
<table width="650" border="1" align="left">
  <tr>
    <th colspan="3" scope="col">My Profile</th>
  </tr>
  <tr>
    <th width="193" scope="row">PASSWORD</th>
    <td width="174"><input type="password" name="password1" id="password1" /></td>
    <td width="261" rowspan="2">if you don't want to change the password, <br />
      leave them empty.</td>
  </tr>
  <tr>
    <th scope="row">PASSWORD CONFIRM</th>
    <td><input type="password" name="password2" id="password2" /></td>
  </tr>
  <tr>
    <th scope="row">SCHOOL NUMBER</th>
    <td><input type="text" name="sno" id="sno" value="<?php echo $sno;?>" /></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th scope="row">EMAIL</th>
    <td><input type="text" name="email" id="email"  value="<?php echo $email;?>"/></td>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <th colspan="3" scope="row"><input type="submit" name="button3" id="button3" /></th>
  </tr>
</table>
</form>
